Improving the correctness and stability of the core Tor software involves three main tasks.
The first task is streamlining and automating the process of launching a complete testing Tor network, including Tor directory authorities, relays, bridges, clients, and hidden services, as well as client applications and destination services like websites. We need to continue to identify and resolve bugs in Tor's "testing network" configuration. We need to improve packaging and portability for these tools, so other researchers and developers can reproduce and extend our results.
The second task is designing and scripting an automated test suite to exercise and stress as much of Tor's functionality as possible. These tests should come in the form of a) standalone unit tests, b) scripted clients that perform specific actions and expect certain results, and c) Tor controllers that exercise the control port interface as much as possible to observe and modify Tor's internal state. This test framework will allow us to investigate and reproduce bugs reported in the wild in a safe (with respect to user privacy) and controlled environment. We should also focus on getting our test framework to the point where other developers can devise and run their own tests.
The third task, in parallel with the first two, is to extend Tor's controller interface to allow better monitoring. So far the control protocol has focused on exposing client state to local controllers (like the graphical interface); we will change it to export more details for relays, directory authorities, and hidden services as well. Combined with build automation (a separate project), the extended interface will also provide a more powerful framework for continuous evaluation of performance, scalability, and bandwidth overhead.